The XDSpy threat actor has been identified as exploiting a Windows LNK zero-day vulnerability, dubbed ZDI-CAN-25373, to target governmental entities in Eastern Europe and Russia.
This ongoing campaign, active since March 2025, employs an intricate multi-stage infection chain to deploy the malicious XDigo implant, crafted in Go, as revealed by a detailed investigation stemming from Trend Micro’s initial report.
https://gbhackers.com/xdspy-threat-acto ... erability/